SONAR-8269 organization in WS api/permissions/add_group_to_template

server/sonar-server/src/main/java/org/sonar/server/permission/ws/PermissionsWsParametersBuilder.java

@@ -73,7 +73,6 @@ public static NewParam createProjectPermissionParameter(NewAction action) {
   }
 
   public static void createGroupNameParameter(NewAction action) {
-    createOrganizationParameter(action);
     action.createParam(PARAM_GROUP_NAME)
       .setDescription("Group name or 'anyone' (case insensitive)")
       .setExampleValue("sonar-administrators");
@@ -118,6 +117,7 @@ public static void createUserLoginParameter(NewAction action) {
 
   public static void createTemplateParameters(NewAction action) {
     createTemplateIdParameter(action);
+    createOrganizationParameter(action);
     createTemplateNameParameter(action);
   }
 

server/sonar-server/src/main/java/org/sonar/server/permission/ws/template/AddGroupToTemplateAction.java

@@ -19,10 +19,10 @@
  */
 package org.sonar.server.permission.ws.template;
 
+import java.util.Optional;
 import org.sonar.api.server.ws.Request;
 import org.sonar.api.server.ws.Response;
 import org.sonar.api.server.ws.WebService;
-import org.sonar.core.permission.GlobalPermissions;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.permission.template.PermissionTemplateDto;
@@ -32,7 +32,8 @@
 import org.sonar.server.usergroups.ws.GroupIdOrAnyone;
 
 import static java.lang.String.format;
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser;
+import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupIdParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createGroupNameParameter;
 import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
@@ -71,15 +72,14 @@ public void define(WebService.NewController context) {
 
   @Override
   public void handle(Request request, Response response) {
-    checkGlobalAdminUser(userSession);
-
     try (DbSession dbSession = dbClient.openSession(false)) {
       String permission = request.mandatoryParam(PARAM_PERMISSION);
       GroupIdOrAnyone groupId = support.findGroup(dbSession, request);
-      checkRequest(!GlobalPermissions.SYSTEM_ADMIN.equals(permission) || !groupId.isAnyone(),
+      checkRequest(!SYSTEM_ADMIN.equals(permission) || !groupId.isAnyone(),
         format("It is not possible to add the '%s' permission to the group 'Anyone'.", permission));
 
       PermissionTemplateDto template = support.findTemplate(dbSession, fromRequest(request));
+      checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty());
 
       if (!groupAlreadyAdded(dbSession, template.getId(), permission, groupId)) {
         dbClient.permissionTemplateDao().insertGroupPermission(dbSession, template.getId(), groupId.getId(), permission);

server/sonar-server/src/test/java/org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.java

@@ -31,7 +31,6 @@
 import org.sonar.server.exceptions.BadRequestException;
 import org.sonar.server.exceptions.ForbiddenException;
 import org.sonar.server.exceptions.NotFoundException;
-import org.sonar.server.exceptions.UnauthorizedException;
 import org.sonar.server.permission.ws.BasePermissionWsTest;
 import org.sonar.server.ws.WsTester;
 
@@ -59,20 +58,23 @@ protected AddGroupToTemplateAction buildWsAction() {
 
   @Before
   public void setUp() {
-    loginAsAdmin();
     template = insertTemplate();
     group = db.users().insertGroup(defaultOrganizationProvider.getDto(), "group-name");
   }
 
   @Test
   public void add_group_to_template() throws Exception {
+    loginAsAdminOnDefaultOrganization();
+
     newRequest(group.getName(), template.getUuid(), CODEVIEWER);
 
     assertThat(getGroupNamesInTemplateAndPermission(template.getId(), CODEVIEWER)).containsExactly(group.getName());
   }
 
   @Test
   public void add_group_to_template_by_name() throws Exception {
+    loginAsAdminOnDefaultOrganization();
+
     newRequest()
       .setParam(PARAM_GROUP_NAME, group.getName())
       .setParam(PARAM_PERMISSION, CODEVIEWER)
@@ -84,6 +86,8 @@ public void add_group_to_template_by_name() throws Exception {
 
   @Test
   public void add_with_group_id() throws Exception {
+    loginAsAdminOnDefaultOrganization();
+
     newRequest()
       .setParam(PARAM_TEMPLATE_ID, template.getUuid())
       .setParam(PARAM_PERMISSION, CODEVIEWER)
@@ -95,6 +99,8 @@ public void add_with_group_id() throws Exception {
 
   @Test
   public void does_not_add_a_group_twice() throws Exception {
+    loginAsAdminOnDefaultOrganization();
+
     newRequest(group.getName(), template.getUuid(), ISSUE_ADMIN);
     newRequest(group.getName(), template.getUuid(), ISSUE_ADMIN);
 
@@ -103,13 +109,17 @@ public void does_not_add_a_group_twice() throws Exception {
 
   @Test
   public void add_anyone_group_to_template() throws Exception {
+    loginAsAdminOnDefaultOrganization();
+
     newRequest(ANYONE, template.getUuid(), CODEVIEWER);
 
     assertThat(getGroupNamesInTemplateAndPermission(template.getId(), CODEVIEWER)).containsExactly(ANYONE);
   }
 
   @Test
   public void fail_if_add_anyone_group_to_admin_permission() throws Exception {
+    loginAsAdminOnDefaultOrganization();
+
     expectedException.expect(BadRequestException.class);
     expectedException.expectMessage(String.format("It is not possible to add the '%s' permission to the group 'Anyone'", UserRole.ADMIN));
 
@@ -118,51 +128,53 @@ public void fail_if_add_anyone_group_to_admin_permission() throws Exception {
 
   @Test
   public void fail_if_not_a_project_permission() throws Exception {
+    loginAsAdminOnDefaultOrganization();
+
     expectedException.expect(IllegalArgumentException.class);
 
     newRequest(group.getName(), template.getUuid(), GlobalPermissions.PROVISIONING);
   }
 
   @Test
-  public void fail_if_insufficient_privileges() throws Exception {
-    userSession.setGlobalPermissions(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+  public void fail_if_not_admin_of_default_organization() throws Exception {
+    userSession.login();
 
     expectedException.expect(ForbiddenException.class);
 
     newRequest(group.getName(), template.getUuid(), CODEVIEWER);
   }
 
-  @Test
-  public void fail_if_not_logged_in() throws Exception {
-    expectedException.expect(UnauthorizedException.class);
-    userSession.anonymous();
-
-    newRequest(group.getName(), template.getUuid(), CODEVIEWER);
-  }
-
   @Test
   public void fail_if_group_params_missing() throws Exception {
+    loginAsAdminOnDefaultOrganization();
+
     expectedException.expect(BadRequestException.class);
 
     newRequest(null, template.getUuid(), CODEVIEWER);
   }
 
   @Test
   public void fail_if_permission_missing() throws Exception {
+    loginAsAdminOnDefaultOrganization();
+
     expectedException.expect(IllegalArgumentException.class);
 
     newRequest(group.getName(), template.getUuid(), null);
   }
 
   @Test
   public void fail_if_template_uuid_and_name_missing() throws Exception {
+    loginAsAdminOnDefaultOrganization();
+
     expectedException.expect(BadRequestException.class);
 
     newRequest(group.getName(), null, CODEVIEWER);
   }
 
   @Test
   public void fail_if_group_does_not_exist() throws Exception {
+    loginAsAdminOnDefaultOrganization();
+
     expectedException.expect(NotFoundException.class);
     expectedException.expectMessage("No group with name 'unknown-group-name'");
 
@@ -171,6 +183,8 @@ public void fail_if_group_does_not_exist() throws Exception {
 
   @Test
   public void fail_if_template_key_does_not_exist() throws Exception {
+    loginAsAdminOnDefaultOrganization();
+
     expectedException.expect(NotFoundException.class);
     expectedException.expectMessage("Permission template with id 'unknown-key' is not found");
 
@@ -201,8 +215,4 @@ private List<String> getGroupNamesInTemplateAndPermission(long templateId, Strin
   private WsTester.TestRequest newRequest() {
     return wsTester.newPostRequest(CONTROLLER, "add_group_to_template");
   }
-
-  private void loginAsAdmin() {
-    userSession.login().setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
-  }
 }